danarchy_deploy 0.2.7 → 0.2.8

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.asdf_versions.json +5 -0
  3. data/.tool-versions +1 -0
  4. data/CHANGELOG.md +9 -0
  5. data/Gemfile.lock +9 -8
  6. data/danarchy_deploy.gemspec +4 -4
  7. data/lib/danarchy_deploy/groups.rb +0 -1
  8. data/lib/danarchy_deploy/services/init/openrc.rb +10 -6
  9. data/lib/danarchy_deploy/services/init.rb +28 -18
  10. data/lib/danarchy_deploy/services.rb +0 -1
  11. data/lib/danarchy_deploy/system/centos.rb +7 -0
  12. data/lib/danarchy_deploy/system/debian.rb +6 -0
  13. data/lib/danarchy_deploy/system/gentoo.rb +83 -23
  14. data/lib/danarchy_deploy/system/opensuse.rb +6 -0
  15. data/lib/danarchy_deploy/system.rb +13 -8
  16. data/lib/danarchy_deploy/templater.rb +1 -2
  17. data/lib/danarchy_deploy/users.rb +50 -42
  18. data/lib/danarchy_deploy/version.rb +1 -1
  19. data/lib/danarchy_deploy.rb +61 -19
  20. data/templates/applications/nginx/domain.conf.erb +38 -0
  21. data/templates/applications/php/phpfpm.conf.erb +19 -0
  22. data/templates/applications/php/user.conf.erb +19 -0
  23. data/templates/applications/wordpress/mysql_user_privileges.sql.erb +2 -0
  24. data/templates/applications/wordpress/wp-config.php.erb +82 -0
  25. data/templates/asdf/asdf.sh.erb +52 -0
  26. data/templates/deploy_template.json +6 -7
  27. data/templates/distcc/distccd.erb +14 -0
  28. data/templates/distcc/hosts.erb +2 -0
  29. data/templates/portage/make.conf.erb +30 -0
  30. data/templates/portage/package.use/bindist +3 -0
  31. data/templates/portage/package.use/documentation +3 -0
  32. data/templates/services/memcached/memcached.erb +40 -0
  33. data/templates/services/mysql/my.cnf.erb +143 -0
  34. data/templates/services/mysql/root_my.cnf.erb +11 -0
  35. data/templates/services/mysql/user_db_grants.sql.erb +33 -0
  36. data/templates/services/mysql/user_db_grants.sql.erb_cleanupUsers +52 -0
  37. data/templates/services/nginx/nginx.conf.erb +48 -0
  38. data/templates/services/php/php-fpm.conf.erb +2 -0
  39. data/templates/services/postfix/localmail.initial_setup.sh +19 -0
  40. data/templates/services/postfix/localmail.main.cf.erb +41 -0
  41. data/templates/services/postfix/mailname.erb +1 -0
  42. data/templates/services/postfix/mailrelayhost_main.cf.erb +33 -0
  43. data/templates/services/postfix/main.cf.erb +28 -0
  44. data/templates/services/postfix/master.cf.erb +124 -0
  45. data/templates/services/postfix/mysql-virtual-alias-maps.cf.erb +5 -0
  46. data/templates/services/postfix/mysql-virtual-mailbox-domains.cf.erb +5 -0
  47. data/templates/services/postfix/mysql-virtual-mailbox-maps.cf.erb +5 -0
  48. data/templates/system/authorized_keys.erb +5 -0
  49. data/templates/system/crontab.erb +8 -0
  50. data/templates/system/dmcrypt.erb +17 -0
  51. data/templates/system/exports.erb +4 -0
  52. data/templates/system/fstab.erb +4 -0
  53. data/templates/system/sudoers.erb +5 -0
  54. metadata +44 -11
  55. data/.ruby-gemset +0 -1
  56. data/.ruby-version +0 -1
  57. /data/bin/{setup → setup-dd} +0 -0
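--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7e103704d84bcb50319a7f6dae091e4655159c1ee83e0b28ae599280ab1c325d
- data.tar.gz: '084b77c73e50c58af4f38d8cd81be5cdbbcd6923a046b944f3b1c3eafaacb248'
+ metadata.gz: 637fb3a1e9810606d864cbc0acab785194ce1fd101c1d74b1135cda4cf489229
+ data.tar.gz: 8886abdb6002348b7fe4fe1d9b27e90766bfd568b30513d246460b2c2dadd188
  SHA512:
- metadata.gz: b24d195152bfd8ce9e63e946d393f6699c56914e6880b431e5ab93b4c557a292b73f3c6a5c6d21fa35fd3cf70f531daced888e1192bea86f0bcef6947e571b9e
- data.tar.gz: bcf97212adde19fbb712efb9b9864e1f8f26e22370ed5fd0ff435ea1a04cd065d78b9530ee1b2989afd2aadc4c72eeecbdfc67f52b698dd08af0d7ee5d1be930
+ metadata.gz: 1bd45a91ea250c523e7ddaca5f8b06e91f8ebd52ede360389fb612354e383720b316f9652aa94400d6ec1204b02205b3556dcabf47842a17350e04c46389b1e9
+ data.tar.gz: 74283e5e2b7ee9d6d3abb15791fc9a742c1e8329eba28d680185380e4682799749b13c848923f3c6b77b2c9ed3fa8585f3f8b0619289aecd11eae363737f9e12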
@@ -0,0 +1,5 @@
1
+ {
2
+ "ruby": [
3
+ "latest:3.2.2"
4
+ ]
5
+ }
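--- a/data/.tool-versions
+++ b/data/.tool-versions
@@ -0,0 +1 @@
+ ruby 3.2.2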
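--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+ patch_0.2.8
+ - Switch support from RVM to ASDF
+ - users.rb: use Templater to handle authorized_users and sudoers
+ - danarchy_deploy.rb: ignore WARNs in gem install
+ - danarchy_deploy.rb: use sudo -i to load environment
+ - Templater: add builtin templates
+ - Gentoo: wait_for_sync
+ - System::Init: OpenRC runlevel support
+
  patch_0.2.7
  - Patch Templater ERB.new for Ruby versions higher than 2.6
  - Allow builtin:: templates in Templater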
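--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,26 +1,27 @@
  PATH
  remote: .
  specs:
- danarchy_deploy (0.2.6)
+ danarchy_deploy (0.2.8)
  danarchy_couchdb (~> 0.1)
- mongo (~> 2.17)
+ mongo (~> 2.20)
 
  GEM
  remote: https://rubygems.org/
  specs:
- bson (4.14.1)
+ bson (5.0.1)
  danarchy_couchdb (0.1.3)
- mongo (2.17.0)
- bson (>= 4.8.2, < 5.0.0)
- rake (13.0.6)
+ mongo (2.20.1)
+ bson (>= 4.14.1, < 6.0.0)
+ rake (13.2.1)
 
  PLATFORMS
+ ruby
  x86_64-linux
 
  DEPENDENCIES
- bundler (~> 2.3)
+ bundler (~> 2.5)
  danarchy_deploy!
  rake (~> 13.0)
 
  BUNDLED WITH
- 2.3.9
+ 2.5.11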
@@ -28,10 +28,10 @@ Gem::Specification.new do |spec|
28
28
  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
29
29
  spec.require_paths = ["lib"]
30
30
 
31
- spec.add_dependency "danarchy_couchdb", "~> 0.1"
31
+ spec.add_dependency 'danarchy_couchdb', '~> 0.1'
32
32
 
33
- spec.add_development_dependency "bundler", "~> 2.3"
34
- spec.add_development_dependency "rake", "~> 13.0"
33
+ spec.add_development_dependency 'bundler', '~> 2.5'
34
+ spec.add_development_dependency 'rake', '~> 13.0'
35
35
 
36
- spec.add_runtime_dependency "mongo", "~> 2.17"
36
+ spec.add_runtime_dependency 'mongo', '~> 2.20'
37
37
  end
@@ -18,7 +18,6 @@ module DanarchyDeploy
18
18
  end
19
19
  end
20
20
 
21
- # [groupadd_result, groupdel_result]
22
21
  deployment
23
22
  end
24
23
 
@@ -3,9 +3,10 @@ module DanarchyDeploy
3
3
  module Services
4
4
  class Init
5
5
  class Openrc
6
- def initialize(service, options)
7
- @service = service
8
- @options = options
6
+ def initialize(service, runlevel, options)
7
+ @service = service
8
+ @runlevel = runlevel
9
+ @options = options
9
10
  end
10
11
 
11
12
  def status
@@ -58,13 +59,16 @@ module DanarchyDeploy
58
59
  end
59
60
 
60
61
  def enable
61
- cmd = "rc-update add #{@service} default"
62
+ cmd = "rc-update add #{@service} #{@runlevel}"
62
63
  DanarchyDeploy::Helpers.run_command(cmd, @options)
63
64
  end
64
65
 
65
66
  def disable
66
- cmd = "rc-update del #{@service} default"
67
- DanarchyDeploy::Helpers.run_command(cmd, @options)
67
+ Dir["/etc/runlevels/*/#{@service}"].each do |svc|
68
+ runlevel, service = svc.split('/')[3,4]
69
+ cmd = "rc-update del #{service} #{runlevel}"
70
+ DanarchyDeploy::Helpers.run_command(cmd, @options)
71
+ end
68
72
  end
69
73
  end
70
74
  end
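Review bot: `enable` interpolates `@runlevel` straight into the `rc-update add` command string, and nothing in this class checks the value. init.rb passes `params[:init][:runlevel]` explicitly, so a hash-form `:init` without `:runlevel` arrives here as nil (the `runlevel='default'` default in `init_manager` does not apply to an explicit nil) and produces `rc-update add <service> ` with an empty runlevel; any other string is placed on the command line as written, and how `Helpers.run_command` executes it is not visible here. I would default and check it in the constructor: `@runlevel = runlevel || 'default'` followed by `raise ArgumentError, "unknown runlevel: #{@runlevel}" unless Dir.children('/etc/runlevels').include?(@runlevel)`. In `disable`, `svc.split('/')[3,4]` is a start/length slice that only happens to return two elements; `[3, 2]` states the intent.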
@@ -10,42 +10,52 @@ module DanarchyDeploy
10
10
 
11
11
  deployment[:services].each do |service, params|
12
12
  next if ! params[:init]
13
- orig_actions = params[:init]
14
- puts "\n > Init actions for #{service}: #{params[:init].join(', ')}"
15
- params[:init].each do |action|
16
- puts " |+ Taking action: #{action} on #{service}"
13
+ if params[:init].class == Array
14
+ # one-time update for :init to new format
15
+ params[:init] = if deployment[:os] == 'gentoo'
16
+ { runlevel: 'default', actions: params[:init] }
17
+ else
18
+ { actions: params[:init] }
19
+ end
20
+ end
21
+
22
+ init_manager(deployment[:os], service, params[:init][:runlevel], options)
23
+ puts "\n > Init actions for #{service}: #{params[:init][:actions].join(', ')}"
24
+ params[:init][:actions].each do |action|
25
+ puts " |> Taking action: #{action} on #{service}"
17
26
  if options[:pretend]
18
- puts " Fake run: #{action} #{service}"
27
+ puts " |- Fake run: #{action} #{service}"
19
28
  else
20
- init_manager(deployment[:os], service, action, options)
29
+ init_run(action)
21
30
  end
22
31
  end
23
-
24
- params[:init] = orig_actions
25
32
  end
26
33
 
27
34
  deployment
28
35
  end
29
36
 
30
- def self.init_manager(os, service, action, options)
31
- init = if os == 'gentoo'
32
- DanarchyDeploy::Services::Init::Openrc.new(service, options)
33
- else
34
- DanarchyDeploy::Services::Init::Systemd.new(service, options)
35
- end
37
+ private
38
+ def self.init_manager(os, service, runlevel='default', options)
39
+ @init = if os == 'gentoo'
40
+ DanarchyDeploy::Services::Init::Openrc.new(service, runlevel, options)
41
+ else
42
+ DanarchyDeploy::Services::Init::Systemd.new(service, options)
43
+ end
44
+ end
36
45
 
37
- init_result = init.send(action)
46
+ def self.init_run(action)
47
+ init_result = @init.send(action)
38
48
 
39
49
  if stderr = init_result[:stderr]
40
50
  if stderr.include?('unknown function')
41
- puts " ! Action: #{action} not available for service: #{service}.\n" +
51
+ puts " ! Action: #{action} not available for service.\n" +
42
52
  " ! A restart may be needed! Otherwise, remove this action from the deployment.\n" +
43
53
  " ! Not taking any action here.\n"
44
54
  else
45
- abort(" ! Action: #{action} #{service} failed!")
55
+ abort(" ! Action: #{action} failed!")
46
56
  end
47
57
  else
48
- puts " |+ Action: #{action} #{service} succeeded."
58
+ puts " |+ Action: #{action} succeeded."
49
59
  end
50
60
  end
51
61
  end
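Review bot: `init_run` still dispatches with `@init.send(action)`, where `action` is a string taken from the deployment's `:init` actions, so any method the init object responds to, private and inherited Kernel methods included, can be invoked by name. An allowlist ahead of the dispatch keeps this to the intended verbs: `abort(" ! Unsupported init action: #{action}") unless @init.class.public_instance_methods(false).include?(action.to_sym)` and then `@init.public_send(action)`. The `private` keyword above `def self.init_manager` has no effect on singleton methods (`private_class_method` does). Holding the manager in the class-level `@init` also means `init_run` depends on `init_manager` having been called for the same service immediately before it, and the status messages no longer say which service an action failed on.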
@@ -10,7 +10,6 @@ module DanarchyDeploy
10
10
  puts "\n" + self.name
11
11
 
12
12
  deployment[:services].each do |service, params|
13
- next if service == :init
14
13
  puts "\nConfiguring service: #{service}"
15
14
 
16
15
  if params[:archives] && !params[:archives].empty?
@@ -6,12 +6,19 @@ module DanarchyDeploy
6
6
  puts "\n" + self.name
7
7
  puts "#{deployment[:os].capitalize} detected! Using yum."
8
8
  # needs more testing
9
+
10
+ set_hostname(deployment[:hostname]) if !options[:pretend]
9
11
  installer = 'yum install -y '
10
12
  updater = 'yum upgrade -y'
11
13
  cleaner = 'yum clean all'
12
14
 
13
15
  [installer, updater, cleaner]
14
16
  end
17
+
18
+ private
19
+ def set_hostname(hostname)
20
+ `hostnamectl hostname #{hostname}`
21
+ end
15
22
  end
16
23
  end
17
24
  end
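Review bot: The new `set_hostname` helper runs `hostnamectl hostname #{hostname}` through backticks, so `deployment[:hostname]` reaches a shell unquoted, and a deployment without `:hostname` runs the command with no argument. The same helper is added to debian.rb and opensuse.rb. Calling `system('hostnamectl', 'hostname', hostname.to_s)` after a format check such as `hostname.to_s.match?(/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/i)` avoids the shell entirely and lets the exit status be checked. The helper is also declared as an instance method (`def set_hostname`) while the call site sits in code that prints `self.name`, which suggests a class-level method as in gentoo.rb's `def self.set_hostname`; the enclosing definition is outside the hunk, so that needs confirming.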
@@ -7,6 +7,7 @@ module DanarchyDeploy
7
7
  puts "\n" + self.name
8
8
  puts "#{deployment[:os].capitalize} detected! Using apt."
9
9
 
10
+ set_hostname(deployment[:hostname]) if !options[:pretend]
10
11
  if deployment[:apt]
11
12
  if deployment[:apt][:templates]
12
13
  puts "\nChecking Apt configs."
@@ -56,6 +57,11 @@ module DanarchyDeploy
56
57
  end
57
58
  end
58
59
  end
60
+
61
+ private
62
+ def set_hostname(hostname)
63
+ `hostnamectl hostname #{hostname}`
64
+ end
59
65
  end
60
66
  end
61
67
  end
@@ -6,12 +6,7 @@ module DanarchyDeploy
6
6
  puts "\n" + self.name
7
7
  puts 'Gentoo detected! Using emerge.'
8
8
 
9
- hostname = deployment[:hostname]
10
- if check_hostname(hostname) == false
11
- puts "Setting hostname to: #{hostname}"
12
- set_hostname(hostname)
13
- end
14
-
9
+ set_hostname(deployment[:hostname]) if !options[:pretend]
15
10
  installer = 'emerge --usepkg --buildpkg --quiet --noreplace '
16
11
  # This needs cpuid2cpuflags to build make.conf; don't --pretend here.
17
12
  system("qlist -I cpuid2cpuflags &>/dev/null || #{installer} cpuid2cpuflags &>/dev/null")
@@ -23,43 +18,108 @@ module DanarchyDeploy
23
18
  cleaner = 'emerge --depclean --quiet '
24
19
  cleaner += '--pretend ' if options[:pretend]
25
20
 
21
+ if emerge_sync_in_progress
22
+ puts "\n > Waiting for emerge sync to complete."
23
+ emerge_sync_wait
24
+ end
25
+
26
26
  if deployment[:portage]
27
27
  if deployment[:portage][:templates]
28
28
  puts "\nChecking Portage configs."
29
29
  DanarchyDeploy::Templater.new(deployment[:portage][:templates], options)
30
30
  end
31
31
 
32
- emerge_sync(options) if deployment[:portage][:sync]
32
+ emerge_sync(deployment[:portage][:sync], options)
33
33
  end
34
34
 
35
35
  [installer, updater, cleaner]
36
36
  end
37
37
 
38
38
  private
39
+ def self.emerge_sync_in_progress
40
+ repo_path = `emerge --info | grep location`.chomp.split(': ').last
41
+ Dir.exist?(repo_path + '/.tmp-unverified-download-quarantine')
42
+ end
39
43
 
40
- def self.emerge_sync(options)
41
- File.open('/tmp/datetime', 'a+') do |f|
42
- last_sync = f.getbyte ? DateTime.parse(f.read) : (DateTime.now - 2)
43
-
44
- if (DateTime.now - last_sync).to_i != 0
45
- puts "\nUpdating Portage repo..."
46
- DanarchyDeploy::Helpers.run_command('emerge --sync --quiet 2>/dev/null', options)
47
- f.truncate(0)
48
- f.write DateTime.now
49
- end
44
+ def self.emerge_sync_wait
45
+ while emerge_sync_in_progress
46
+ sleep 3
47
+ end
48
+ puts " |> Continuing with emerge!"
49
+ end
50
50
 
51
- f.close
51
+ def self.emerge_sync(sync, options)
52
+ if sync.nil?
53
+ install_cron_template(sync, options)
54
+ elsif sync == false
55
+ puts "\nNot running emerge sync; set to: #{sync}"
56
+ install_cron_template(sync, options)
57
+ elsif sync == true
58
+ File.delete('/var/spool/cron/crontabs/portage') if File.exist?('/var/spool/cron/crontabs/portage')
59
+ DanarchyDeploy::Helpers.run_command('emerge --sync &>/var/log/emerge-sync.log', options)
60
+ elsif sync =~ /([0-9]{1,2}|\*|\@[a-z]{4,7})/i
61
+ install_cron_template(sync, options)
62
+ else
63
+ puts "\nUnknown sync cron time: #{sync}. Not running emerge sync!"
52
64
  end
53
65
  end
54
66
 
55
67
  def self.set_hostname(hostname)
56
- confd_hostname = "hostname=\"#{hostname}\""
57
- File.write('/etc/conf.d/hostname', confd_hostname)
58
- `hostname #{hostname}`
68
+ if `hostname`.chomp != hostname
69
+ puts "Setting hostname to: #{hostname}"
70
+ confd_hostname = "hostname=\"#{hostname}\""
71
+ File.write('/etc/conf.d/hostname', confd_hostname)
72
+ `hostname #{hostname}`
73
+ end
59
74
  end
60
75
 
61
- def self.check_hostname(hostname)
62
- `hostname`.chomp == hostname
76
+ def self.install_cron_template(sync, options)
77
+ templates = if sync.nil? || sync == false
78
+ [
79
+ {
80
+ target: '/var/spool/cron/crontabs/portage',
81
+ remove: true
82
+ }
83
+ ]
84
+ else
85
+ [
86
+ {
87
+ source: 'builtin::system/crontab.erb',
88
+ target: '/var/spool/cron/crontabs/portage',
89
+ dir_perms: {
90
+ owner: 'root',
91
+ group: 'crontab',
92
+ mode: '1730'
93
+ },
94
+ file_perms: {
95
+ owner: 'portage',
96
+ group: 'crontab',
97
+ mode: '0600'
98
+ },
99
+ variables: {
100
+ shell: '/bin/bash',
101
+ path: '/usr/local/sbin:/usr/local/bin:/usr/bin',
102
+ env: '',
103
+ jobs: [
104
+ {
105
+ schedule: sync,
106
+ command: 'emerge --sync &>/var/log/emerge-sync.log'
107
+ },
108
+ {
109
+ schedule: '@daily',
110
+ command: 'eclean-dist &>/dev/null'
111
+ },
112
+ {
113
+ schedule: '@daily',
114
+ command: 'eclean-pkg &>/dev/null'
115
+ }
116
+ ]
117
+ }
118
+ }
119
+ ]
120
+ end
121
+
122
+ DanarchyDeploy::Templater.new(templates, options)
63
123
  end
64
124
  end
65
125
  end
@@ -6,6 +6,7 @@ module DanarchyDeploy
6
6
  puts "\n" + self.name
7
7
  puts "#{deployment[:os].capitalize} detected! Using zypper."
8
8
 
9
+ set_hostname(deployment[:hostname]) if !options[:pretend]
9
10
  puts "Updating zypper repositories..."
10
11
  DanarchyDeploy::Helpers.run_command('sudo zypper refresh', options)
11
12
 
@@ -17,6 +18,11 @@ module DanarchyDeploy
17
18
 
18
19
  [installer, updater, cleaner]
19
20
  end
21
+
22
+ private
23
+ def set_hostname(hostname)
24
+ `hostnamectl hostname #{hostname}`
25
+ end
20
26
  end
21
27
  end
22
28
  end
@@ -3,7 +3,7 @@ require_relative 'system/debian'
3
3
  require_relative 'system/gentoo'
4
4
  require_relative 'system/opensuse'
5
5
 
6
- require_relative 'system/cryptsetup'
6
+ # require_relative 'system/cryptsetup'
7
7
  require_relative 'system/fstab'
8
8
 
9
9
  module DanarchyDeploy
@@ -13,10 +13,11 @@ module DanarchyDeploy
13
13
  puts "\n" + self.name
14
14
 
15
15
  installer, updater, cleaner = prep_operating_system(deployment, options)
16
- install_result = nil
16
+ install_result, updater_result = nil, nil
17
17
 
18
18
  puts "\n > Package Installation"
19
- if deployment[:packages].any? && ['all', 'packages', nil].include?(deployment[:system][:update])
19
+ if [true, 'all', 'selected', nil].include?(deployment[:system][:update]) &&
20
+ deployment[:packages].any?
20
21
  packages = deployment[:packages].join(' ')
21
22
  puts "\n - Installing packages..."
22
23
  install_result = DanarchyDeploy::Helpers.run_command("#{installer} #{packages}", options)
@@ -28,18 +29,21 @@ module DanarchyDeploy
28
29
  end
29
30
 
30
31
  puts "\n > #{deployment[:os].capitalize} System Updates"
31
- if ['all', 'system', nil].include?(deployment[:system][:update])
32
+ if [true, 'all', 'system', nil].include?(deployment[:system][:update])
32
33
  puts "\n - Running system updates..."
33
34
  updater_result = DanarchyDeploy::Helpers.run_command(updater, options)
34
35
  puts updater_result[:stdout] if updater_result[:stdout]
35
- puts "\n - Cleaning up unused packages..."
36
- cleanup_result = DanarchyDeploy::Helpers.run_command(cleaner, options)
37
- puts cleanup_result[:stdout] if cleanup_result[:stdout]
38
36
  else
39
37
  puts "\n - Not running #{deployment[:os].capitalize} system updates."
40
38
  puts " |_ Updates selected: #{deployment[:system][:update]}"
41
39
  end
42
40
 
41
+ if install_result || updater_result
42
+ puts "\n - Cleaning up unused packages..."
43
+ cleanup_result = DanarchyDeploy::Helpers.run_command(cleaner, options)
44
+ puts cleanup_result[:stdout] if cleanup_result[:stdout]
45
+ end
46
+
43
47
  deployment
44
48
  end
45
49
 
@@ -59,7 +63,8 @@ module DanarchyDeploy
59
63
  DanarchyDeploy::Templater.new(deployment[:system][:templates], options)
60
64
  end
61
65
 
62
- DanarchyDeploy::System::Cryptsetup.new(deployment[:os], deployment[:system][:cryptsetup], options)
66
+ # Disabled due to Init changes; re-writing and splitting LVM/CryptSetup
67
+ # DanarchyDeploy::System::Cryptsetup.new(deployment[:os], deployment[:system][:cryptsetup], options)
63
68
 
64
69
  if deployment[:system][:fstab]
65
70
  DanarchyDeploy::System::Fstab.new(deployment[:os], deployment[:system][:fstab], options)
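Review bot: With the `Cryptsetup.new` call commented out, a deployment that still carries `deployment[:system][:cryptsetup]` is now skipped without any output, so an operator can believe encrypted volumes were configured when nothing ran. Until the rewrite lands I would make that explicit next to the comment, e.g. `puts " ! :cryptsetup is configured but not supported in this release; skipping." if deployment[:system][:cryptsetup]`, or use `abort` if a missing encrypted volume should stop the deployment. The update selector in the package-installation hunk also changed from `'packages'` to `'selected'`, so existing deployments that set `'packages'` will stop installing packages; the CHANGELOG entry mentions neither change. The enclosing methods start outside the hunks.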
@@ -95,13 +95,12 @@ module DanarchyDeploy
95
95
  chmod = nil
96
96
  puts "\n > Verifying ownership and permissions for '#{target}'"
97
97
  if perms
98
- puts " |+ Setting file mode to: #{perms[:mode]}"
99
98
  (owner, group, mode) = perms[:owner], perms[:group], perms[:mode]
100
99
  else
101
100
  if File.stat(target).mode & 07777 == '0777'.to_i(8)
102
101
  puts " ! '#{target}' has 0777 permissions! Setting those to something more sane."
103
102
  if File.ftype(target) == 'directory'
104
- puts " |+ Setting file mode to: 0775"
103
+ puts " |+ Setting directory mode to: 0775"
105
104
  chmod = File.chmod(0775, target) ? true : false if !options[:pretend]
106
105
  elsif File.ftype(target) == 'file'
107
106
  puts " |+ Setting file mode to: 0644"
@@ -8,6 +8,7 @@ module DanarchyDeploy
8
8
 
9
9
  deployment[:users].each do |username, user|
10
10
  user[:username] = username.to_s
11
+ user[:home] ||= '/home/' + username.to_s
11
12
  puts "\n > Checking if user '#{user[:username]}' already exists."
12
13
  usercheck_result = usercheck(user, options)
13
14
 
@@ -15,8 +16,8 @@ module DanarchyDeploy
15
16
  puts " - User: #{user[:username]} already exists!"
16
17
  else
17
18
  group = { groupname: user[:username] }
18
- group[:gid] = user[:gid] ? user[:gid] : nil
19
- group[:system] = user[:system] ? user[:system] : nil
19
+ group[:gid] = user[:gid] || nil
20
+ group[:system] = user[:system] || nil
20
21
 
21
22
  groupcheck_result = DanarchyDeploy::Groups.groupcheck(group, options)
22
23
  if !groupcheck_result[:stdout] && group[:gid]
@@ -40,12 +41,12 @@ module DanarchyDeploy
40
41
 
41
42
  if user[:authorized_keys]
42
43
  puts "\n > Checking on #{user[:authorized_keys].count} authorized_keys for user: #{user[:username]}"
43
- authorized_keys(user)
44
+ authorized_keys(user, options)
44
45
  end
45
46
 
46
47
  if user[:sudoer]
47
48
  puts "\n > Checking sudo rules for user: #{user[:username]}"
48
- sudoer(user)
49
+ sudoer(user, options)
49
50
  end
50
51
  end
51
52
 
@@ -63,13 +64,13 @@ module DanarchyDeploy
63
64
  private
64
65
  def self.useradd(user, options)
65
66
  useradd_cmd = "useradd #{user[:username]} "
66
- useradd_cmd += "--home-dir #{user[:home]} " if user[:home]
67
- useradd_cmd += "--create-home " if !Dir.exist?(user[:home])
68
- useradd_cmd += "--uid #{user[:uid]} " if user[:uid]
69
- useradd_cmd += "--gid #{user[:gid]} " if user[:gid]
67
+ useradd_cmd += "--home-dir #{user[:home]} " if user[:home]
68
+ useradd_cmd += "--create-home " if ! Dir.exist?(user[:home])
69
+ useradd_cmd += "--uid #{user[:uid]} " if user[:uid]
70
+ useradd_cmd += "--gid #{user[:gid]} " if user[:gid]
70
71
  useradd_cmd += "--groups #{user[:groups].join(',')} " if user[:groups]
71
- useradd_cmd += "--shell /sbin/nologin " if user[:nologin]
72
- useradd_cmd += "--system " if user[:system]
72
+ useradd_cmd += "--shell /sbin/nologin " if user[:nologin]
73
+ useradd_cmd += "--system " if user[:system]
73
74
  DanarchyDeploy::Helpers.run_command(useradd_cmd, options)
74
75
  end
75
76
 
@@ -111,40 +112,47 @@ module DanarchyDeploy
111
112
  DanarchyDeploy::Helpers.run_command(removegroup_cmd, options)
112
113
  end
113
114
 
114
- def self.authorized_keys(user)
115
- ssh_path = user[:home] + '/.ssh'
116
- authkeys = ssh_path + '/authorized_keys'
117
-
118
- Dir.exist?(ssh_path) || Dir.mkdir(ssh_path, 0700)
119
- File.chown(user[:uid], user[:gid], ssh_path)
120
- File.open(authkeys, 'a+') do |f|
121
- contents = f.read
122
- user[:authorized_keys].each do |authkey|
123
- if contents.include?(authkey)
124
- puts " - Key already in place: #{authkey}"
125
- else
126
- puts " + Adding authorized_key: #{authkey}"
127
- f.puts authkey
128
- end
129
- end
130
-
131
- f.chown(user[:uid], user[:gid])
132
- f.close
133
- end
115
+ def self.authorized_keys(user, options)
116
+ templates = [
117
+ {
118
+ source: 'builtin::system/authorized_keys.erb',
119
+ target: user[:home] + '/.ssh/authorized_keys',
120
+ dir_perms: {
121
+ owner: user[:username],
122
+ group: user[:username],
123
+ mode: '0700'
124
+ },
125
+ file_perms: {
126
+ owner: user[:username],
127
+ group: user[:username],
128
+ mode: '0644'
129
+ },
130
+ variables: {
131
+ authorized_keys: user[:authorized_keys]
132
+ }
133
+ }
134
+ ]
135
+
136
+ DanarchyDeploy::Templater.new(templates, options)
134
137
  end
135
138
 
136
- def self.sudoer(user)
137
- sudoer_file = '/etc/sudoers.d/danarchy_deploy-' + user[:username]
138
- File.open(sudoer_file, 'a+') do |f|
139
- if !f.read.include?(user[:sudoer])
140
- puts " |+ Added: '#{user[:sudoer]}'"
141
- f.puts user[:sudoer]
142
- else
143
- puts ' - No change needed'
144
- end
145
-
146
- f.close
147
- end
139
+ def self.sudoer(user, options)
140
+ templates = [
141
+ {
142
+ source: 'builtin::system/sudoers.erb',
143
+ target: '/etc/sudoers.d/danarchy_deploy-' + user[:username],
144
+ file_perms: {
145
+ owner: 'root',
146
+ group: 'root',
147
+ mode: '0440'
148
+ },
149
+ variables: {
150
+ rules: user[:sudoer]
151
+ }
152
+ }
153
+ ]
154
+
155
+ DanarchyDeploy::Templater.new(templates, options)
148
156
  end
149
157
  end
150
158
  end
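Review bot: `sudoer` now writes `/etc/sudoers.d/danarchy_deploy-<user>` through the Templater with `user[:sudoer]` as its only input, and nothing visible here syntax-checks the result before it becomes live; a malformed file under `/etc/sudoers.d` can make sudo refuse to run for every user. If the Templater has no validation hook, render to a temporary path and run `visudo -cf <path>` on it before moving it into place. In `authorized_keys`, `file_perms` uses `mode: '0644'`; `'0600'` is the conventional mode for that file, and `group: user[:username]` assumes a group named after the user exists even when `user[:gid]` points elsewhere. The file is now rendered from the template rather than appended to, so keys not listed in the deployment are presumably removed, which is worth stating in the CHANGELOG.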
@@ -1,3 +1,3 @@
1
1
  module DanarchyDeploy
2
- VERSION = "0.2.7"
2
+ VERSION = "0.2.8"
3
3
  end